| 1 | //! Implementation of panics backed by libgcc/libunwind (in some form). |
| 2 | //! |
|---|
| 3 | //! For background on exception handling and stack unwinding please see |
|---|
| 4 | //! "Exception Handling in LLVM" (llvm.org/docs/ExceptionHandling.html) and |
|---|
| 5 | //! documents linked from it. |
|---|
| 6 | //! These are also good reads: |
|---|
| 7 | //! * <https://itanium-cxx-abi.github.io/cxx-abi/abi-eh.html> |
|---|
| 8 | //! * <https://nicolasbrailo.github.io/blog/projects_texts/13exceptionsunderthehood.html> |
|---|
| 9 | //! * <https://www.airs.com/blog/index.php?s=exception+frames> |
|---|
| 10 | //! |
|---|
| 11 | //! ## A brief summary |
|---|
| 12 | //! |
|---|
| 13 | //! Exception handling happens in two phases: a search phase and a cleanup |
|---|
| 14 | //! phase. |
|---|
| 15 | //! |
|---|
| 16 | //! In both phases the unwinder walks stack frames from top to bottom using |
|---|
| 17 | //! information from the stack frame unwind sections of the current process's |
|---|
| 18 | //! modules ("module" here refers to an OS module, i.e., an executable or a |
|---|
| 19 | //! dynamic library). |
|---|
| 20 | //! |
|---|
| 21 | //! For each stack frame, it invokes the associated "personality routine", whose |
|---|
| 22 | //! address is also stored in the unwind info section. |
|---|
| 23 | //! |
|---|
| 24 | //! In the search phase, the job of a personality routine is to examine |
|---|
| 25 | //! exception object being thrown, and to decide whether it should be caught at |
|---|
| 26 | //! that stack frame. Once the handler frame has been identified, cleanup phase |
|---|
| 27 | //! begins. |
|---|
| 28 | //! |
|---|
| 29 | //! In the cleanup phase, the unwinder invokes each personality routine again. |
|---|
| 30 | //! This time it decides which (if any) cleanup code needs to be run for |
|---|
| 31 | //! the current stack frame. If so, the control is transferred to a special |
|---|
| 32 | //! branch in the function body, the "landing pad", which invokes destructors, |
|---|
| 33 | //! frees memory, etc. At the end of the landing pad, control is transferred |
|---|
| 34 | //! back to the unwinder and unwinding resumes. |
|---|
| 35 | //! |
|---|
| 36 | //! Once stack has been unwound down to the handler frame level, unwinding stops |
|---|
| 37 | //! and the last personality routine transfers control to the catch block. |
|---|
| 38 | |
|---|
| 39 | use alloc::boxed::Box; |
|---|
| 40 | use core::any::Any; |
|---|
| 41 | use core::ptr; |
|---|
| 42 | |
|---|
| 43 | use unwind as uw; |
|---|
| 44 | |
|---|
| 45 | // In case where multiple copies of std exist in a single process, |
|---|
| 46 | // we use address of this static variable to distinguish an exception raised by |
|---|
| 47 | // this copy and some other copy (which needs to be treated as foreign exception). |
|---|
| 48 | static CANARY: u8 = 0; |
|---|
| 49 | |
|---|
| 50 | // NOTE(nbdd0121) |
|---|
| 51 | // There is an ABI stability requirement on this struct. |
|---|
| 52 | // The first two field must be `_Unwind_Exception` and `canary`, |
|---|
| 53 | // as it may be accessed by a different version of the std with a different compiler. |
|---|
| 54 | #[repr (C)] |
|---|
| 55 | struct Exception { |
|---|
| 56 | _uwe: uw::_Unwind_Exception, |
|---|
| 57 | canary: *const u8, |
|---|
| 58 | cause: Box<dyn Any + Send>, |
|---|
| 59 | } |
|---|
| 60 | |
|---|
| 61 | pub(crate) unsafe fn panic(data: Box<dyn Any + Send>) -> u32 { |
|---|
| 62 | let exception: Box = Box::new(Exception { |
|---|
| 63 | _uwe: uw::_Unwind_Exception { |
|---|
| 64 | exception_class: RUST_EXCEPTION_CLASS, |
|---|
| 65 | exception_cleanup: Some(exception_cleanup), |
|---|
| 66 | private: [core::ptr::null(); uw::unwinder_private_data_size], |
|---|
| 67 | }, |
|---|
| 68 | canary: &CANARY, |
|---|
| 69 | cause: data, |
|---|
| 70 | }); |
|---|
| 71 | let exception_param: *mut _Unwind_Exception = Box::into_raw(exception) as *mut uw::_Unwind_Exception; |
|---|
| 72 | return unsafe { uw::_Unwind_RaiseException(exception_param) as u32 }; |
|---|
| 73 | |
|---|
| 74 | extern "C" fn exception_cleanup( |
|---|
| 75 | _unwind_code: uw::_Unwind_Reason_Code, |
|---|
| 76 | exception: *mut uw::_Unwind_Exception, |
|---|
| 77 | ) { |
|---|
| 78 | unsafe { |
|---|
| 79 | let _: Box<Exception> = Box::from_raw(exception as *mut Exception); |
|---|
| 80 | super::__rust_drop_panic(); |
|---|
| 81 | } |
|---|
| 82 | } |
|---|
| 83 | } |
|---|
| 84 | |
|---|
| 85 | pub(crate) unsafe fn cleanup(ptr: *mut u8) -> Box<dyn Any + Send> { |
|---|
| 86 | unsafe { |
|---|
| 87 | let exception: *mut _Unwind_Exception = ptr as *mut uw::_Unwind_Exception; |
|---|
| 88 | if (*exception).exception_class != RUST_EXCEPTION_CLASS { |
|---|
| 89 | uw::_Unwind_DeleteException(exception); |
|---|
| 90 | super::__rust_foreign_exception(); |
|---|
| 91 | } |
|---|
| 92 | |
|---|
| 93 | let exception: *mut Exception = exception.cast::<Exception>(); |
|---|
| 94 | // Just access the canary field, avoid accessing the entire `Exception` as |
|---|
| 95 | // it can be a foreign Rust exception. |
|---|
| 96 | let canary: *const u8 = (&raw const (*exception).canary).read(); |
|---|
| 97 | if !ptr::eq(a:canary, &CANARY) { |
|---|
| 98 | // A foreign Rust exception, treat it slightly differently from other |
|---|
| 99 | // foreign exceptions, because call into `_Unwind_DeleteException` will |
|---|
| 100 | // call into `__rust_drop_panic` which produces a confusing |
|---|
| 101 | // "Rust panic must be rethrown" message. |
|---|
| 102 | super::__rust_foreign_exception(); |
|---|
| 103 | } |
|---|
| 104 | |
|---|
| 105 | let exception: Box = Box::from_raw(exception as *mut Exception); |
|---|
| 106 | exception.cause |
|---|
| 107 | } |
|---|
| 108 | } |
|---|
| 109 | |
|---|
| 110 | // Rust's exception class identifier. This is used by personality routines to |
|---|
| 111 | // determine whether the exception was thrown by their own runtime. |
|---|
| 112 | const RUST_EXCEPTION_CLASS: uw::_Unwind_Exception_Class = u64::from_ne_bytes(*b"MOZ \0RUST" ); |
|---|
| 113 | |
|---|
